Malware Posed as 'Mia Khalifa Porn Game' to Spy on Android Smartphones

Android
A 3D printed Android logo is seen in front of a displayed cyber code in this illustration taken March 22, 2016. REUTERS/Dado Ruvic/Illustration

A Twitter account with 67,000 followers has been used to promote a strain of mobile malware posing as a saucy game named after former adult actress Mia Khalifa. If downloaded, it could spy on smartphones, a cybersecurity firm has warned.

The malware, dubbed "Maikspy" by researchers from Trend Micro, is known to target devices running Android and Windows. The team said in an advisory posted on Tuesday that some victims had contracted the malware from a website also using Khalifa's name as a lure.

Recently, multiple Twitter accounts have pushed victims towards a second game called "Virtual Girlfriend" using shortened links that lead to the same booby-trapped domain. The latest variants were spotted in March this year, security experts revealed.

When a victim clicks the link shared via Twitter, they are transferred to a download page promising an adult application. Once the app is clicked, researchers said, it shows an error page and claims to be uninstalling. In reality, it lurks in the background of the device. From there, it can be used to steal text messages, contact lists and a record of every installed app.

Additionally, the attackers, whose identities remain unknown, can issue a number of remote commands including the recording of sound from around the device. In another fraud tactic, the malware opens a fake Mia Khalifa domain and attempts to steal credit card details.

One of the Twitter profiles used to spread links—known as "Round Year Fun"—also has a website that hosts downloadable games and several third-party social media surveys, such as "How and when will you die?" and "Who's your Twitter Valentine?" According to Trend Micro research, evidence suggests that the website is directly linked to the cyber-crooks.

In a blog post, experts Ecular Xu and Grey Guo wrote: "Upon checking the cached version of the [Round Year Fun] page, we discovered that it was also used to distribute the adult game first used by the attackers behind Maikspy." They concluded that it was "possible" the developers responsible for circulating the malware operate the gaming domain. One account referenced by Trend Micro, going by the handle "@rifusthegr8," had tweeted a link to the malicious domain and was still active. Twitter did not respond to a request for comment.

"The attackers behind Maikspy have changed domains and IP addresses over the years, but all were found hosted in a publicly traded internet domain registrar and web hosting company in the U.S.," the researchers wrote. "Downloading only from legitimate app stores like Google Play can prevent Maikspy from compromising computers and mobile devices."

It remains unclear how many victims were successfully targeted in the Android malware attacks. Windows users were targeted via a malicious Chrome extension, Trend Micro said.
